[Git][security-tracker-team/security-tracker][master] Add CVE-2024-21501/node-sanitize-html

Sun Feb 25 20:31:42 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d7d25c9 by Salvatore Bonaccorso at 2024-02-25T21:31:08+01:00
Add CVE-2024-21501/node-sanitize-html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143,7 +143,12 @@ CVE-2024-22395 (Improper access control vulnerability has been identified in the
 CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable to Use o ...)
 	NOT-FOR-US: fastecdsa
 CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are vulnerable to  ...)
-	TODO: check
+	- node-sanitize-html <unfixed>
+	NOTE: https://github.com/apostrophecms/sanitize-html/pull/650
+	NOTE: https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
+	NOTE: https://github.com/apostrophecms/apostrophe/discussions/4436
+	NOTE: https://github.com/apostrophecms/sanitize-html/commit/075499d1b98c387f4200fd59972ca9b15796b51b (2.12.1)
+	NOTE: https://github.com/apostrophecms/sanitize-html/commit/1e2294c8001ce07c89448e03289818da631795ba (2.12.1)
 CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for WordPress is  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7d25c99a296c4c3337fad73ef29e9f63a88cdf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7d25c99a296c4c3337fad73ef29e9f63a88cdf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240225/867d458e/attachment.htm>
